Exploitdb Exploits
49,996 exploits tracked across all sources.
EMC Recoverpoint < 5.1.2 - OS Command Injection
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
by Paul Taylor
CVSS 9.8
TP-Link TL-WA850RE <5 - Command Injection
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.
by yoresongo
CVSS 8.8
NEWMARK NMCMS 2.1 - SQL Injection
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
by Berk Dusunur
CVSS 9.8
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
by ManhNho
CVSS 5.3
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
by ManhNho
CVSS 5.3
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
by ManhNho
CVSS 5.3
Windows Desktop Bridge - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.
by Google Security Research
CVSS 7.0
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214.
by Google Security Research
CVSS 7.0
Ipconfigure Orchid Core Vms - Path Traversal
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
by Nettitude
CVSS 7.5
Apache Couchdb < 1.7.0 - OS Command Injection
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
by Cody Zacharias
CVSS 7.2
Redis <5.0 - DoS
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
by Fakhri Zulkifli
CVSS 7.5
NTP 4.2.8p11 - Buffer Overflow
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
by Fakhri Zulkifli
CVSS 9.8
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
by ManhNho
CVSS 5.3
Redatam7 - Info Disclosure
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
by Berk Dusunur
CVSS 5.3
Redatam7 - Path Traversal
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
by Berk Dusunur
CVSS 7.5
Pale Moon <27.9.3 - Use After Free
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.
by Berk Cem Göksel
CVSS 9.8
Microsoft Windows 10 1507 - Insecure Deserialization
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Code White
CVSS 8.8
Audiograbber 1.83 - Local Buffer Overflow (SEH)
by Dennis 'dhn' Herrmann
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
by L0RD
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
by Dolev Farhi
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
by Fakhri Zulkifli
CVSS 8.4
Nikto <2.1.6 - Command Injection
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
by Adam Greenhill
CVSS 9.8
EIP-2026-117937
EXPLOITDB
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
by VortexNeoX64
By Source